Skip to content

Latest commit

 

History

History
315 lines (263 loc) · 11.1 KB

README.md

File metadata and controls

315 lines (263 loc) · 11.1 KB

npm version Build Status

onetimesecret-api

A thin Javascript wrapper around the OneTimeSecret API.

OneTimeSecret is an open-source secret-sharing service that ensures that secrets can be shared securely and are only read once. The service can be accessed via the webpage, or via API. This project provides a thin Javascript wrapper for the API that makes it easy to use the service or a self-hosted server in any Javascript project. You can find the source code in the OneTimeSecret Github.

The module is published on NPM as onetimesecret-api.

Dependencies

  • Node.js: 8 and 10+

Installation

yarn add onetimesecret-api

or

npm install onetimesecret-api

Usage

The API wrapper is implemented for asynchronous control flow using promises. For most calls the promise resolves into a Javascript object containing all attributes provided by the server. Configuration or server errors are thrown and have to be handled by the caller. Only the most important attributes of a call are documented here, please check out the API description for the full documentation.

In order to use the API the API class must be imported and setup to get a handler.

OneTimeSecretApi(<username>, <api_key>, [<options>])
  • <username>: username specified during sign-up at the OneTimeSecret Service, or your server of choice (if defined in the <options>)
  • <password>: Password or API key created for your account
  • <options>: additional api options
    • <url>: server url of a custom server
    • <apiVersion>: API version to use (currently only "v1"). ApiVersion provides a list of supported API versions
  • Returns instance of the API
  • Throws InputError if <username> or <password> is missing

Example:

import {OneTimeSecretApi} from "onetimesecret-api";

const ots = new OneTimeSecretApi("tom@example.com", "04821d62");

or

import {OneTimeSecretApi} from "onetimesecret-api";

const ots = new OneTimeSecretApi(
    "tom@example.com",
    "04821d62",
    { url: "https://www.my-ots-server.com", apiVersion: "v1" });

or

import {InputError, OneTimeSecretApi} from "onetimesecret-api";

try {
    const ots = new OneTimeSecretApi();
} catch(error) {
    if (error instanceof InputError) {
        console.error("Username or password missing");
    } else {
        console.error(`Unknown error: ${error}`);
    }
}

Status

Request the server status as boolean.

status() -> boolean
  • Returns boolean state of server
  • Throws
    • InternalServerError: unspecified internal server error
    • NotAuthorizedError: invalid username or password
    • RateLimitedError: account has been rate limited due to many requests
    • TimeoutError: request timeout

Example:

ots.status()
.then((status) => {
    console.log(`Status: ${status}`);
})
.catch((error) => {
    console.error(`Error: ${error}`);
});

Share

Encrypt and share a secret.

share(<secret>, [<options>]) -> object
  • <secret>: the secret to share (depending on your account type 1k to 10k length)
  • <options>: additional api options of type ApiOptionsShare
    • <passphrase>: passphrase that will be required to read the secret
    • <ttl>: time in seconds after which the secret will be automatically be deleted ("burned")
    • <recipient>: email address of the person the secret should be sent to by the server
  • Returns a promise that provides an ApiResponseShare object. The returned object contains all of the metadata of the newly created secret. Important values:
    • secret_key: the secret key that is used to share the secret
    • share_link: the share link of the secret that is supposed to be be shared
    • metadata_key: key used to manage the secret; this key must remain private
  • Throws
    • InputError: no secret provided
    • InternalServerError: unspecified internal server error
    • NetworkError: network request failed
    • NotFoundError: the call isn't supported by the server
    • NotAuthorizedError: invalid username or password
    • RateLimitedError: account has been rate limited due to many requests
    • TimeoutError: request timeout

Examples:

ots.share('My very special secret')
.then((response) => {
    console.log(`Secret key: ${response.secret_key}`);
})
catch((error) => {
    console.error(`Error: ${error}`);
});

or

ots.share('My very special secret', { ttl: 3600 })
.then((response) => {
    console.log(`Secret key: ${response.secret_key}`);
})
.catch((error) => {
    console.error(`Error: ${error}`);
});

Generate

Generate a short, encrypted secret and share it.

generate([<options>]) -> object
  • <options>: additional api options of type ApiOptionsGenerate
    • <passphrase>: passphrase that will be required to read the secret
    • <ttl>: time in seconds after which the secret will be automatically be deleted ("burned")
    • <recipient>: email address of the person the secret should be sent to by the server
  • Returns a promise that provides an ApiResponseGenerate object. The returned object contains all of the metadata of the newly created secret. Important values:
    • secret_key: the secret key that is used to share the secret
    • share_link: the share link of the secret that is supposed to be be shared
    • metadata_key: key used to manage the secret; this key must remain private
  • Throws
    • InternalServerError: unspecified internal server error
    • NetworkError: network request failed
    • NotFoundError: the call isn't supported by the server
    • NotAuthorizedError: invalid username or password
    • RateLimitedError: account has been rate limited due to many requests
    • TimeoutError: request timeout

Example:

ots.generate()
.then((response) => {
    console.log(`Secret key: ${response.secret_key}`);
})
.catch((error) => {
    console.error(`Error: ${error}`);
});

Retrieve secret

Retrieve a secret from the server. This call is used to get a secret someone else shared with you. If the secret was shared with a passphrase it has to be provided to the call in the options.

retrieveSecret(secret_key, [<options>]) -> object
  • <secret_key>: secret key that was shared with you
  • <options>: additional api options of type ApiOptionsRetrieveSecret
    • <passphrase>: passphrase that will be required to read the secret
  • Returns a promise that provides an ApiResponseRetrieveSecret object. The returned object contains all the information of the secret you can access. Important values:
    • value: the secret shared with you
  • Throws
    • InputError: no secret key provided
    • InternalServerError: unspecified internal server error
    • NetworkError: network request failed
    • NotFoundError: the call isn't supported by the server
    • NotAuthorizedError: invalid username or password
    • RateLimitedError: account has been rate limited due to many requests
    • TimeoutError: request timeout
    • UnknownSecretError: secret key not found

Example:

ots.retrieveSecret('hbo11uxhmg2gze0mlcmyf4x0qahawqa')
.then((response) => {
    console.log(`Secret value: ${response.value}`);
})
.catch((error) => {
    console.error(`Error: ${error}`);
});

Retrieve metadata

Retrieve metadata for a secret you created.

retrieveMetadata(metadata_key) -> object
  • <metadata_key>: metadata key that was shared with you
  • Returns a promise that provides an ApiResponseRetrieveMetadata object. The returned object contains all of the metadata of the newly created secret. Important values:
    • secret_key: the secret key that is used to share the secret
    • share_link: the share link of the secret that is supposed to be be shared
    • status: status of the secret, e.g. "new", "received", "burned", "viewed", ...
  • Throws
    • InputError: no metadata key provided
    • InternalServerError: unspecified internal server error
    • NetworkError: network request failed
    • NotFoundError: the call isn't supported by the server
    • NotAuthorizedError: invalid username or password
    • RateLimitedError: account has been rate limited due to many requests
    • TimeoutError: request timeout
    • UnknownSecretError: metadata key not found

Example:

ots.retrieveMetadata('hbo11uxhmg2gze0mlcmyf4x0qahawqa')
.then((response) => {
    console.log(`Status: ${response.status}`);
})
.catch((error) => {
    console.error(`Error: ${error}`);
});

Burn secret

Destroy a secret you created.

burn(metadata_key) -> object
  • <metadata_key>: metadata key that was shared with you
  • Returns a promise that provides an ApiResponseBurn object. The returned object contains all of the metadata of the newly created secret. Important values:
    • secret_key: the secret key that is used to share the secret
    • status: status of the secret set to "burned"
  • Throws
    • InputError: no metadata key provided
    • InternalServerError: unspecified internal server error
    • NetworkError: network request failed
    • NotFoundError: the call isn't supported by the server
    • NotAuthorizedError: invalid username or password
    • RateLimitedError: account has been rate limited due to many requests
    • TimeoutError: request timeout
    • UnknownSecretError: metadata key not found

Example:

ots.burn('raldp8yshsh42hyse')
.then((response) => {
    console.log(`Status: ${response.status}`);
})
.catch((error) => {
    console.error(`Error: ${error}`);
});

Retrieve recent secrets

Retrieve all recently created secrets and most of its metadata.

recentMetadata() -> Array[object]
  • Returns a promise that provides an ApiResponseRecentMetadata object. The returned object contains a list if objects where each object represents a secret. It has a subset of attributes as described for retrieve_metadata.
  • Throws
    • InternalServerError: unspecified internal server error
    • NetworkError: network request failed
    • NotFoundError: the call isn't supported by the server
    • NotAuthorizedError: invalid username or password
    • RateLimitedError: account has been rate limited due to many requests
    • TimeoutError: request timeout

Example:

ots.recentMetadata()
.then((response) => {
    console.log(`Secret 0 state: ${response[0].state}`);
})
.catch((error) => {
    console.error(`Error: ${error}`);
});

Release

  1. Update and commit changes
  2. Compile Javascript files: yarn build
  3. Commit Javascript files
  4. Publish to npm: yarn publish or npm publish